tenga virus nref to 237771

  1. #1
    Join Date
    Apr 2009
    Posts
    2

    tenga virus nref to 237771

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-05-04 10:13:34
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEBEE16B8]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwConnectPort [0xEE1C00D2]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateFile [0xEE1C2302]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEBEE1574]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreatePort [0xEE1C002C]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateSection [0xEE1C0AAE]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateThread [0xEE1BFD12]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteFile [0xEE1C1CB0]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteKey [0xEE1C0EC0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEBEE1A52]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEBEE114C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEBEE164E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEBEE108C]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwOpenSection [0xEE1C09E0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEBEE10F0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEBEE176E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEBEE172E]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetContextThread [0xEE1BFBB4]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetInformationFile [0xEE1C1DE0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEBEE18AE]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwShutdownSystem [0xEE1C0FA0]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwTerminateProcess [0xEE1BFF66]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFile [0xEE1C214A]
    SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFileGather [0xEE1C1FB4]

    ---- User code sections - GMER 1.0.15 ----

    .text G:\Program Files\MSN Messenger\msnmsgr.exe[2924] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 004DE392 G:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT G:\WINDOWS\system32\services.exe[720] @ G:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT G:\WINDOWS\system32\services.exe[720] @ G:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A973CC] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
    IAT G:\Program Files\Mozilla Thunderbird\thunderbird.exe[2904] @ G:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01A97376] G:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

    ---- EOF - GMER 1.0.15 ----

  2. #2
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,391
    Other logs are posted in http://discussions.virtualdr.com/sho...d.php?t=237771
    by eddds40
